Signature Detail

HTTP: McAfee ePolicy Orchestrator / Protection Pilot Buffer Overflow

This signature detect attempts to exploit a known vulnerability against McAfee ePolicy Orchestrator / Protection Pilot. Attackers can send an overly long source parameter in an http request that can result in gaining complete control of the target system.

Extended Description

The HTTP server component of McAfee ePolicy Orchestrator and ProtectionPilot is prone to a remote stack-based buffer-overflow vulnerability that can lead to complete system compromise. This issue arises because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. A successful attack may result in arbitrary code execution with SYSTEM privileges, leading to a full compromise. McAfee ePolicy Orchestrator 3.5.0 patch 5 and prior versions as well as ProtectionPilot 1.1.1 patch 2 and prior versions are vulnerable to this issue.

Affected Products

• McAfee ePolicy Orchestrator 1.0.0
• McAfee ePolicy Orchestrator 1.1.0
• McAfee ePolicy Orchestrator 2.0.0
• McAfee ePolicy Orchestrator 2.5.0
• McAfee ePolicy Orchestrator 2.5.0 SP1
• McAfee ePolicy Orchestrator 2.5.1
• McAfee ePolicy Orchestrator 3.0.0
• McAfee ePolicy Orchestrator 3.0.0 SP2a
• McAfee ePolicy Orchestrator 3.5
• McAfee ePolicy Orchestrator 3.5 patch 5
• McAfee ProtectionPilot 1.1.0
• McAfee ProtectionPilot 1.1.1
• McAfee ProtectionPilot 1.1.1 patch 2

References

• BugTraq: 20288
• CVE: CVE-2006-5156
• URL: http://www.frsirt.com/english/advisories/2006/3861
• URL: http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html
• URL: http://www.osvdb.org/29421